Windows 10 vulnerability allows any user to become an administrator
As found Beep computer, A huge security hole was discovered in Windows 10 (see How to get Windows 10 for free or cheap) with Windows 11 Allow local account users to access sensitive account information for local and administrator accounts. This issue extends to local accounts that can change the password of the administrator account, allowing potential attackers to gain full access to the PC.
The problem lies in the Microsoft security rules assigned to the Windows Registry and Security Account Manager. For some reason, both reduce the restrictions, allowing any local user to fully access the file without administrator rights.
This is even more critical for the security account manager, which stores all the account data of all users on the PC-including passwords. Granting local users access to this private information allows an attacker to log in to one of the administrator accounts to take full control of the PC.
Fortunately, you cannot access the Windows registry files at will, because these files are always in use while Windows is running, which means you cannot view these files while Windows is using them.
But the solution to this “problem” is to access the Windows shadow volume used as a backup of the Windows registry and SAM files.
Microsoft is aware of this matter and is tracking it with code CVE-2021-36934, It also contains a complete solution to the problem, including restricting access to %windir%system32config and deleting any restore points or shadow volumes created before that point, until the vulnerability is blocked by an official security patch.
